Abstract
In this paper we present a trusted time-stamping service which issues time-stamps with enhanced security by a practical forward-secure proxy signature mechanism.??This signature scheme provides a way to verify the validity of the delegation from the trusted time source through the common PKI certification hierarchy.??The forward-security of this signature scheme provides better protection against key-exposure attack when time-stamping server gets intruded. The design of this signature scheme is tied closely to the time-stamping service based on hierarchicaldistributed time sources.??The signature scheme is implemented with standard RSA signature and verification algorithms.??The computation of signing and verification in providing the forward-security feature is absorbed into the proxy scheme. Only delegation and key-updating require minor extra computation. In addition, one safety assumption made implicitly in Krawczyk's forward-secure signature scheme is identified and eliminated such that the security of our scheme outperforms its predecessor.